|
Roberto C. Sanchez
roberto at familiasanchez.net
Wed Dec 14 21:29:07 EST 2005
Graham Dumpleton wrote: > > Another non obvious problem which arises because of this arrangement is > that if the second instance of Apache you are running has write access > to the directories, it will dump Python .pyc files. If you are then only > using AddHandler and not SetHandler, there will be nothing to stop > someone specifying a URL which targets the .pyc files and they will be > able to download them also and then decompile them, thus potentially > getting access to sensitive information. > > Good idea to have an excplicit rule: > > <Files *.pyc> > deny from all > </Files> > I had not considered that. However, I don't see any .pyc files anywhere under ~/public_html/. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 256 bytes Desc: OpenPGP digital signature Url : http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20051214/77f4032f/signature.bin
|